| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
As we except to get more and more test runners for the different components,
we add a name to easily identify them on the test output.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:
dh_mapping {
iana_id1 = tkm_id1
iana_id2 = tkm_id2
iana_id3 = tkm_id3
...
}
Only the mapped IANA IDs are registered as supported DH groups.
|
| |
|
|
|
|
| |
Due to problems with the external libraries tkm_init/deinit can't be
called for each test case. Because of this leak detective has to be
disabled for these tests.
|
| |
|
|
|
|
|
|
|
| |
Load complete kernel_netlink plugin instead. Registering the TKM
specific plugins first still ensures that the correct ipsec plugin
is used.
Lazy initialize the RNG_WEAK plugin to avoid the unsatisfiable
soft dependency on startup.
|
| | |
|
| | |
|
| |
|
|
| |
The parameter is used to initialize the given sequence to zero.
|
| | |
|
| | |
|
| |
|
|
|
| |
The TKM kernel SAD (security association database) stores information
about CHILD SAs.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Explicitly register kernel netlink net implementation and avoid loading
the whole kernel-netlink plugin since the kernel netlink ipsec part is
unwanted.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This function converts a given chunk to a variable-length byte sequence.
|
| |
|
|
|
| |
This function converts a given TKM variable-length byte sequence to
chunk.
|
| | |
|
| |
|
|
|
| |
This data structure allows to store mappings of chunks to ids. This will
be used to map nonces to their corresponding nonce context ids.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Instead of storing the acquired context ids in a linked list, use an
array of booleans for the job. A boolean value of true in the array
designates an available context id.
|
| |
|
|
|
|
|
|
|
|
| |
The tkm_diffie_hellman_t plugin acquires a DH context from the Trusted
Key Manager and uses it to get a DH public value and the calculated
shared secret. Proper context handling is still missing though, the
plugin currently uses context ID 1.
The get_shared_secret function will be removed as soon as the TKM
specific keymat is ready.
|
| | |
|
|
|
Analogous to charon-nm the charon-tkm daemon is a specialized charon
instance used in combination with the trusted key manager (TKM) written
in Ada.
The charon-tkm is basically a copy of the charon-nm code which will
register it's own TKM specific plugins.
The daemon binary is built using the gprbuild utility. This is needed
because it uses the tkm-rpc Ada library and consequently the Ada
runtime. gprbuild takes care of the complete binding and linker steps
required to properly initialize the Ada runtime.
|
